diff options
| author | Michael Shanzer <shanzer@mit.edu> | 1994-05-20 18:30:01 +0000 |
|---|---|---|
| committer | Michael Shanzer <shanzer@mit.edu> | 1994-05-20 18:30:01 +0000 |
| commit | 838fad6c3b320d10df135c99a5f6fb1f270ee4b3 (patch) | |
| tree | 81fb37d3afbf10727acd86578626f25e73b19a65 /doc | |
| parent | bad5e86e41d2c0dd01747fbb01bd9ab74aeb2571 (diff) | |
| download | krb5-838fad6c3b320d10df135c99a5f6fb1f270ee4b3.tar.gz krb5-838fad6c3b320d10df135c99a5f6fb1f270ee4b3.tar.xz krb5-838fad6c3b320d10df135c99a5f6fb1f270ee4b3.zip | |
document the fact that you can not change the key of
ovsec_adm/history
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3616 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/kadm5/api-funcspec.tex | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex index df3a41893..3f6b32bb2 100644 --- a/doc/kadm5/api-funcspec.tex +++ b/doc/kadm5/api-funcspec.tex @@ -447,6 +447,7 @@ expired. \item[OVSEC_KADM_POLICY_REF] Policy reference count is not zero. \item[OVSEC_KADM_INIT] Connection to server already initialized. \item[OVSEC_KADM_BAD_PASSWORD] Incorrect password. +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change protected principal." \end{description} \subsection{Authentication and Authorization} @@ -860,6 +861,8 @@ set in the principal's aux_attributes field. \item If caller does not have modify privilege, (now - last_pwd_change) $<$ pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the principal's attributes, return OVSEC_KADM_PASS_TOOSOON. +\item If the principal your are trying to change is ovsec_adm/history +return OVSEC_KADM_PROTECT_PRINCIPAL. \item If the password does not meet the quality standards, return the appropriate OVSEC_KADM_PASS_Q_* error code. \item Convert password to key. The key is generated with @@ -887,8 +890,8 @@ RETURN CODES: standards. \item[OVSEC_KADM_PASS_REUSE] Requested password is in user's password history. -\item[OVSEC_KADM_PASS_TOOSOON] Current password has not reached minimum -life. +\item[OVSEC_KADM_PASS_TOOSOON] Current password has not reached minimum life +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change the password of a special principal \end{description} @@ -1026,6 +1029,8 @@ if verification fails. \item If caller does not have modify privilege, (now - last_pwd_change) $<$ pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the principal's attributes, return OVSEC_KADM_PASS_TOOSOON. +\item If the principal you are trying to change is ovsec_adm/history return +OVSEC_KADM_PROTECT_PRINCIPAL. \item Store old key in history. \item Update principal to have new key. \item Increment principal's key version number by one. @@ -1043,6 +1048,8 @@ RETURN CODES: \item[OVSEC_KADM_UNK_PRINC] Principal does not exist. \item[OVSEC_KADM_PASS_TOOSOON] The minimum lifetime for the current key has not expired. +\item[OVSEC_KADM_PROTECT_PRINCIPAL] Cannot change the password of a special +principal \end{description} This function can also be used as part of a sequence to create a new |